Traditional computers and computer systems, particularly connected systems within a defined network, are managed by system administrators. The access control mechanisms currently in use have focused on separating users from one another according to a security policy determined by the system administrators. Some, primarily military, systems have allowed finer-grained access control policies that separate different aspects of an individual user, but the complexity of these systems made them prohibitively expensive to administer. As a result, such access control mechanisms have not been widely adopted.
The access control schemes available in various databases and in Java offer finer-grained control of data and objects but do not solve the general problem of access control at the system level.
Most personal computers (PCs) cannot adequately solve the problem of security. PC operating systems, including DOS, Windows, and MacOS, have been assaulted by a barrage of viruses, Trojan horses, and other malicious software, also referred to as malware. The release and use of such malware has been essentially a form of vandalism, and its danger grows with the use of the Internet.
If one uses such systems for economically meaningful transactions, there is far greater benefit and hence incentive for an attacker. Thus, security becomes essential, and the need arises for an appropriate access control mechanism.
The form factor and usage characteristics of handheld devices, such as personal digital assistants (PDAs), make them extremely desirable for use in many e-commerce applications. Unfortunately, current PDA operating systems do not offer the security needed for e-commerce applications. The very fact that PDAs are powerful, general-purpose computing devices renders them vulnerable to attack. E-commerce systems based upon PDAs are potentially vulnerable to an entire range of attacks, which can also endanger other systems involved, e.g. smartcards.
Commonly, a system administrator must determine how much trust can be given to a particular program and/or user. This determination includes weighing the value of the information resources on the system when deciding how much trust is required for a program to be installed with privilege. It is a drawback that the system administrator has to update the system and its privileges continuously.
U.S. Pat. No. 3,996,449 is related to an operating system authenticator for determining if an operating system being loaded in a computer is valid. A user's identification code or secret key which is unique to the operating system, and a verifier value which is a predetermined function of a valid operating system and the identification code are respectively stored. A hash function, which is a function of the operating system being loaded and the identification code, is generated by the authenticator. After the operating system is loaded, the hash function is used as an authenticating value and compared with the verifier value for determining the authenticity of the loaded operating system.
In U.S. Pat. No. 5,113,442 a method, and an operating system utilizing this method, for controlling access rights among a plurality of users is described. Each user is provided a user identification number which is prime and each secure object is provided an access code which comprises a value that is a product of the user identification numbers of all users having the same access rights to that secure object. In response to a request by a user for access to a secure object, the access code for that secure object is divided by the user identification number of the requesting user.
Access rights of the user to the requested secure object are determined based on whether the result of the division yields a zero remainder.
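As an added illustration, not text or code from the patent, the prime-product access scheme described for U.S. Pat. No. 5,113,442 in Python: prime user IDs, an object access code that is the product of the IDs of all users sharing access, and the zero-remainder check. The user names and ID values are constructed for the example, and the primality guard on the IDs is an assumption about how such a system would have to be deployed, since composite IDs would silently grant access to the users whose IDs are their factors.

```python
# Added example (not from the patent): the prime-product access scheme
# of U.S. Pat. No. 5,113,442 as described above. Access test is
# "zero remainder when the object's access code is divided by the user ID".

def is_prime(n: int) -> bool:
    """Trial division; sufficient for the small IDs used in this example."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def build_access_code(user_ids) -> int:
    """Product of the (prime) user IDs that share access to one secure object.
    Primality matters: a composite ID such as 6 would satisfy the check for
    IDs 2 and 3 as well, so non-prime IDs are rejected here (assumed guard)."""
    code = 1
    for uid in user_ids:
        if not is_prime(uid):
            raise ValueError(f"user ID {uid} is not prime")
        code *= uid
    return code

def has_access(access_code: int, user_id: int) -> bool:
    """The patent's check: the user's ID divides the access code exactly."""
    return access_code % user_id == 0

def grant(access_code: int, user_id: int) -> int:
    """Add a user: multiply in the ID unless it is already a factor."""
    if not is_prime(user_id):
        raise ValueError(f"user ID {user_id} is not prime")
    return access_code if has_access(access_code, user_id) else access_code * user_id

def revoke(access_code: int, user_id: int) -> int:
    """Remove a user: divide out the ID if it is a factor (exact integer division)."""
    return access_code // user_id if has_access(access_code, user_id) else access_code

if __name__ == "__main__":
    # Constructed IDs: alice=2, bob=3, carol=5, dave=7.
    code = build_access_code([2, 5])                        # alice and carol share the object
    print(code, has_access(code, 2), has_access(code, 3))   # 10 True False
    code = revoke(grant(code, 7), 2)                        # add dave, drop alice -> 35
    print(code, has_access(code, 7), has_access(code, 2))   # 35 True False
```

The access code grows as the product of all authorised IDs, so a real implementation needs arbitrary-precision integers (as Python provides) or a bound on users per object.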
Glossary
The following are informal definitions to aid in the understanding of the following description.
Hash function is a computationally efficient function mapping binary strings of arbitrary length to binary strings of some fixed length.
One-way hash function is a function which takes a variable-length message M or some data and produces a fixed-length value, also referred to as a hash or specific identifier. Given the specific identifier, it is computationally infeasible to find a message with that specific identifier; in fact, one cannot determine any usable information about the message M from its specific identifier. In other words, the time to create such a specific identifier is substantially shorter than the time to reconstruct the variable-length message from the specific identifier. Moreover, the time to find two messages with identical specific identifiers is substantially longer than the time to create one specific identifier.
Trusted computing base (TCB) indicates the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy.